Aaron Parecki <https://x.com/aaronpk> and I published a new version of the "OAuth 
2.0 Protected Resource Metadata" specification that addresses the review 
comments received since the IETF Last Call. Per the history entries, the 
changes were:

  *   Added metadata values declaring support for DPoP and mutual-TLS client
      certificate-bound access tokens.
  *   Added missing word caught during IANA review.
  *   Addressed ART, SecDir, and OpsDir review comments by Arnt Gulbrandsen,
      David Mandelberg, and Bo Wu, resulting in the following changes:
      *   Added step numbers to sequence diagram.
      *   Defined meaning of omitting bearer_methods_supported metadata
          parameter.
      *   Added internationalization of human-readable metadata values using
          the mechanism from [RFC7591 <https://www.rfc-editor.org/rfc/rfc7591.html>].
      *   Added resource_name metadata parameter, paralleling client_name in
          [RFC7591 <https://www.rfc-editor.org/rfc/rfc7591.html>].
      *   Added Security Considerations section on metadata caching.
      *   Used and referenced Resource Identifier definition.
      *   Added motivating example of an email client to intro.

The specification is available at:

  *   https://www.ietf.org/archive/id/draft-ietf-oauth-resource-metadata-09.html

                                                                -- Mike

P.S.  This note was also posted at https://self-issued.info/?p=2569 and 
referenced from https://x.com/selfissued/status/1834763444899528772 and 
https://www.linkedin.com/posts/selfissued_oauth-20-protected-resource-metadata-draft-activity-7240529820818808832-oOYU/.
_______________________________________________
OAuth mailing list -- oauth@ietf.org